On Mon, Jan 27, 2003 at 05:44:18PM -0500, Dan Melomedman wrote:
> David Maxwell wrote:
> > Sure. I expect system administrators to _configure_ authentication
> > methods. I don't expect them to write them. If you say 'But it's so
> > easy, I can write a perl authenticator', I'll say 'what are the odds
> > it's exploitable?'.
>
> The odds of it being exploitable, is for the writer of the module to
> care, as long as you tell the module writer what the possible problems
> are, and if you minimize such number of problems. How does a more
> complex API help? So the user can make more mistakes writing a module?
> Doesn't make any sense.
When the implemetation is shared, by posting it on a web page, users
will have no information about its quality, and whether it is well or
poorly written. Having an interface which facilitates stupid people
creating working modules that they can share with unsuspecting users
(and users who are not expected to be capable of making security
implementation decisions) is a disadvantage. I don't think I can make
that any clearer than I have, so I give up on explaining this point to
you.
> > Security vs. ease of use is a well understood tradeoff.
> >
> > Many Linux distributions install lots of junk by default. That lowers
> > the learning curve, since you don't have to figure out how to install it
> > yourself. The system is less secure because (a) things are running
> > needlessly (b) things are running that the admin doesn't know about.
>
> This isn't what we're talking about here. We're not talking about junk
> thrown by default by RedHat. We're talking about authentication
> frameworks, and the learning curve required for these frameworks. Stay
> on course, please.
I don't waste time arguing with people who won't/can't understand
abstractions and analogies. I'm done here.
--
David Maxwell, david@vex.net|david@maxwell.net -->
(About an Amiga rendering landscapes) It's not thinking, it's being artistic!
- Jamie Woods